Articles

Sharing our performance and security knowledge. A place where we record insights, research and thought leadership.

Full text logging search

Steps To Recovering Servers Post-Hack

This articles provides a framework designed to help recover servers after a compromise.







Posted in Educational   Technical_Guides     /   2022-09-23

A Website Security Framework Intro

This articles provides website owners with a basic security framework for their web environment.







Posted in Website_Security   Educational     /   2022-09-20

WordPress Security: BackupBuddy Plugin Vulnerability Active Exploit Attempts

This articles reports on active exploit attempts targeting the BackupBuddy plugin vulnerability.







Posted in Security_Research   WordPress     /   2022-09-09

Navigating 81 Layers of Encoding to Reveal the C&C

This articles decodes a pice of malware that leads us to the attackers C&C.







Posted in Security_Research   WordPress     /   2022-08-25

Hijacking a Websites SERP Results with SEO SPAM

This articles how hackers hijack a websites SERPs with SEO SPAM links.







Posted in Security_Research   WordPress     /   2022-08-25

Analyzed 17,000 Spam Links on a Hacked WordPress Sites

This articles explores 17,000 spam links on a hacked WordPress website.







Posted in Security_Research   WordPress     /   2022-08-25

What Hackers Do with WordPress in 2022 - Post Hack Analysis

This articles explains what hackers do with WordPress once they successfully hack a website.







Posted in Security_Research   WordPress     /   2022-08-25

How the WordPress Gets Hacked in 2022 - Initial Reconnaissance

This articles explains how the WordPress JSON API and XMLRPC can be used to attack WordPress website using Brute Force techniques.







Posted in Security_Research   WordPress     /   2022-08-25

WordPress PHP Backdoor to DDoS Attacks

Analysis of how a PHP Backdoor on a compromised WordPress site is being used to start DDoS Attacks







Posted in Security_Research   Malware_Analysis     /   2022-07-25

Protecting SSH on Web Servers

This article explains how to protect SSH on web servers using basic Tips but placing emphasis on IP whitelisting.







Posted in Server_Security   SSH     /   2022-07-20

Open-Source CMS’ and Software Bill of Material (SBOM) | NOC

Apache is a powerful web server and logging is a critical piece to managing a web server. In this article we explain the two log types: access and error, and how to work with them.







Posted in SBOM   Compliance   Security   Governance     /   2022-07-17

Responding to Security Incidents – Incident Response Plan Basics and Log4Shell

This articles provides a a basic framework that security teams can use to build an incident response plan.







Posted in Security   Governance   Program     /   2022-06-14

Log4Shell – Lessons Learned in 30 Days

This articles provides a PSA for the WordPress 5.8.3 security release.







Posted in Log4Shell   Vulnerability   PSA   WAF   Security     /   2022-06-14

NMAP – A Free Network Mapping Tool

This articles provides a PSA for the WordPress 5.8.3 security release.







Posted in Free   Security   Tools   NMAP     /   2022-06-13

WordPress 5.8.3 Security Release

This articles provides a PSA for the WordPress 5.8.3 security release.







Posted in PSA   WordPress   Security   WAF     /   2022-06-13

Cloud-based Web Application Firewalls (WAF) & The Log4J Vulnerability

This articles speaks to the effectiveness of WAF solutions in protecting against exploits targeting the Log4J vulnerability.







Posted in PSA   Log4J   Vulnerabilities   Security   WAF     /   2022-06-13

Does DNSSEC matter?

This articles dives into the world of DNSSEC and explores its value to today's domain security.







Posted in CDN   Product   Features     /   2022-06-13

Introducing DNSRepo

This articles introduces DNSRepo to the NOC.







Posted in CDN   Product   Features     /   2022-06-13

Introducing Support for WebSockets

This articles introduces WebSockets to the NOC CDN / WAF platform.







Posted in CDN   Product   Features     /   2022-06-13

Active Exploits against CVE-2021-41773 (Apache Web Server Exploit)

This articles speaks to exploits against CVE-2021-41773. A vulnerability effecting Apache Web Server.







Posted in Vulnerabilities   Apache   PSA   Security   WAF     /   2022-06-13

The Most Effective Security Control for Open Source Admin Panels Never Used

This articles explains why it is important to block administrative panels on platforms like WordPress.







Posted in WordPress   Joomla   Access   Security   WAF     /   2022-06-13

WooCommerce Patches Two SQLi Vulnerabilities

This articles talks about two SQLi vulnerabilities in WooCommerce, patched in 2021.







Posted in Vulnerabilities   PSA   Security   WAF     /   2022-06-13

Evolving the CDN / WAF Stack

This articles explains the NOC architecture, diving into the details to understand how it works.







Posted in NOC   Architecture   Product   Feature     /   2022-06-10

Securing WordPress in The Enterprise

This articles provides a guide on how to harden WordPress to keep hackers out of the website.







Posted in WordPress   Security   Enterprise     /   2022-06-10

How the JSON API and XMLRPC are used for Brute Force Attacks Against WordPress

This articles explains how the WordPress JSON API and XMLRPC can be used to attack WordPress website using Brute Force techniques.







Posted in Image   Optimization   CDN   Product   Feature     /   2022-06-10

Web Applications / Assets Led the Charge in Breaches in 2020 According to the Verizon DBIR

This articles dives into the 2021 Verizon DBIR and analyzes how Web Applications and their assets contributed to breaches







Posted in Image   Optimization   CDN   Product   Feature     /   2022-06-10

Optimized Origin with the NOC CDN

This articles explains how optimizing your origin has a positive impact on how your website performance for your users.







Posted in Image   Optimization   CDN   Product   Feature     /   2022-06-10

WordPress Forced Updates vs Auto-Updates and Abusing User Defined Intent

This articles talks about forcing updates in the WordPress platform, and provides opinions on how that effects user defined intent.







Posted in WordPress   Security     /   2022-06-10

Arbitrary File Vulnerabilities And Why They Matter to Your Website

This articles explains Arbitrary File Upload Vulnerabilities and why they matter to the security of your website.







Posted in WAF   Vulnerabilities   Security     /   2022-06-10

The Domain Name System (DNS)

DNS stands for Domain Name System (DNS), you might hear it used interchangeably with Domain Name Server (DNS).. This article explains DNS, and how it works







Posted in Networking   DNS   Educational   Security   Features     /   2022-06-10

Automated Attacks Against WordPress Target Old Vulnerabilities

This article shows how attacks against WordPress are mostly automated.







Posted in Research   Security   WAF   WordPress     /   2022-06-10

The Importance of Asset Monitoring

This article explains why it's important to monitor assets like servers, websites and domains.







Posted in Networking   Performance   Monitoring   Educational   Security   Features     /   2022-06-09

How to Improve the Largest Contentful Paint (LCP) – Web Core Vital Metrics

This article explains how CDN's can have a positive effect on the performance of a website.







Posted in Performance   CDN   LCP     /   2022-06-09

The Affects of a CDN on your Websites Performance and Users Experience (and Google)

This article explains how CDN's can have a positive effect on the performance of a website.







Posted in Networking   Performance   Educational   Security   Products   Features     /   2022-06-08

Registries, Registrars and DNS

This aricle explains the differences between Registries, Registrars and DNS services.







Posted in Networking   Registry   Registrar   DNS   Educational   Security     /   2022-06-08

Autodetecting Network Failures and Self-Healing To Ensure Optimal Availability

This article explains how automating the detection of downtime can be crucial to an organization and DevSecOps team.







Posted in Networking   Performance   Educational   Security   Products   Features     /   2022-06-08

Using cURL to test the Performance of a Website

This article explains how cURL can be used to measure the performance of a website.







Posted in cURL   Performance   Educational   Security     /   2022-06-08

Using cURL to Test the NOC CDN Performance against Fastly, Sucuri and CloudFlare

This article explains how cURL can be used to compare performance against different CDN providers (e.g., NOC vs Sucuri, NOC vs CloudFlare).







Posted in cURL   Performance   Educational   Security     /   2022-06-08

Improve Your Websites Speed and Security